X-Cotang/JSMemshellTunnel

HTTP Tunnel (Memshell SOCKS5 Proxy)

⚠️ For Educational Purposes Only - This project is designed for learning about network tunneling techniques and should only be used in authorized environments.

A lightweight SOCKS5 proxy tunnel that operates over HTTP. This tool is inspired by reGeorg and allows you to pivot through a compromised web server to access internal network services.

Overview

This project consists of two main components:

  1. payload.js - A Node.js payload that hooks into the HTTP server to create a tunnel endpoint (/tunnel)
  2. tunnel.py - A Python SOCKS5 proxy client that connects to the tunnel endpoint

How It Works

┌──────────────┐     SOCKS5      ┌──────────────┐      HTTP       ┌──────────────┐
│ Local Client │  ─────────────▶│  tunnel.py   │  ────────────▶  │ Web Server   │
│ (Browser,    │                 │ (SOCKS Proxy)│                 │ (payload.js) │
│  curl, etc.) │                 │ 127.0.0.1:   │                 │  /tunnel     │
│              │                 │    1080      │                 │              │
└──────────────┘                 └──────────────┘                 └──────────────┘
                                                                         │
                                                                         │ TCP
                                                                         ▼
                                                                  ┌──────────────┐
                                                                  │   Internal   │
                                                                  │   Service    │
                                                                  └──────────────┘

Requirements

  • Operator side: Python 3.6+ with urllib3 (used by tunnel.py for the HTTP requests)
  • Target side: a Node.js HTTP server in which payload.js can be executed

Installation

pip install urllib3

Usage

Step 1: Deploy the Payload

The payload.js must be executed inside the target Node.js process (for example through whatever code-execution path you already have). Once loaded, it hooks into the running HTTP server and exposes a /tunnel endpoint. Because it lives only in the process's memory (hence "memshell"), nothing is written to disk and the endpoint disappears when the Node.js process restarts.

Step 2: Start the SOCKS5 Proxy

# -u is the /tunnel endpoint on the target; a local test server on port 3000 is used here
python3 tunnel.py -u http://localhost:3000/tunnel -p 1080

Command Line Options

| Option | Description | Default |
|---|---|---|
| -u, --url | URL of the tunnel endpoint (required) | - |
| -p, --listen-port | Local SOCKS5 proxy port | 1080 |
| -l, --listen-on | Local bind address | 127.0.0.1 |
| -v, --verbose | Enable debug logging | false |

Step 3: Use the Proxy

Configure your applications to use the SOCKS5 proxy:

# Using curl. With --socks5 curl resolves the hostname locally before sending the SOCKS
# request; for names that only resolve inside the target network use --socks5-hostname,
# which hands the name to the proxy instead.
curl --socks5 127.0.0.1:1080 http://echo.opera.com

# Using proxychains. Only TCP connect scans (-sT) can traverse a SOCKS5 proxy; raw-socket
# scan types (SYN, UDP, ICMP) do not, so -Pn is needed to skip host discovery.
proxychains nmap -sT -Pn internal-host

# Browser: Configure SOCKS5 proxy to 127.0.0.1:1080 (enable remote DNS / "proxy DNS when using SOCKS5" for internal names)

Protocol

The tunnel uses custom HTTP headers to communicate:

| Header | Description |
|---|---|
| X-CMD | Command type: CONNECT, READ, FORWARD, DISCONNECT |
| X-TARGET | Target host for connection |
| X-PORT | Target port for connection |
| X-STATUS | Response status: OK or FAIL |
| X-ERROR | Error message (if any) |
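The table above only names the headers and command types. The following in-process model, added here as an example and not the project's own payload.js or tunnel.py, plays both sides of one connection so the full CONNECT / FORWARD / READ / DISCONNECT round trip can be traced without a target. Everything beyond the header names is an assumption: sessions are tied together by a hypothetical X-SESSION header, FORWARD carries client-to-target bytes in the request body, READ returns target-to-client bytes in the response body, and a socketpair stands in for the TCP hop to the internal service.

```python
"""In-process model of the X-CMD header protocol (added example, not project code).

Assumed, because the page does not say: sessions are keyed by a hypothetical
X-SESSION header; FORWARD carries client->target bytes in the request body;
READ returns target->client bytes in the response body.
"""
import socket
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

COMMANDS = {"CONNECT", "READ", "FORWARD", "DISCONNECT"}   # X-CMD values from the page


@dataclass
class Response:
    status: str          # X-STATUS: OK or FAIL
    error: str = ""      # X-ERROR, only set on FAIL
    body: bytes = b""    # response body, used by READ to carry target data


def dial_tcp(host: str, port: int) -> socket.socket:
    """Default dialer: a real TCP connect made from the server side."""
    return socket.create_connection((host, port), timeout=5)


@dataclass
class TunnelServer:
    """What a /tunnel handler has to do for each X-CMD on the server side."""
    dial: Callable[[str, int], socket.socket] = dial_tcp
    sessions: Dict[str, socket.socket] = field(default_factory=dict)

    def handle(self, headers: Dict[str, str], body: bytes = b"") -> Response:
        cmd = headers.get("X-CMD", "")
        sid = headers.get("X-SESSION", "")            # assumed session key
        if cmd not in COMMANDS:
            return Response("FAIL", f"unknown command {cmd!r}")
        if cmd == "CONNECT":
            try:
                sock = self.dial(headers["X-TARGET"], int(headers["X-PORT"]))
            except (KeyError, ValueError, OSError) as exc:
                return Response("FAIL", f"connect failed: {exc}")
            self.sessions[sid] = sock
            return Response("OK")
        sock = self.sessions.get(sid)
        if sock is None:
            return Response("FAIL", "no such session")
        if cmd == "FORWARD":                           # client -> target
            sock.sendall(body)
            return Response("OK")
        if cmd == "READ":                              # target -> client, empty body if idle
            sock.setblocking(False)
            try:
                data = sock.recv(65536)
            except BlockingIOError:
                data = b""
            return Response("OK", body=data)
        sock.close()                                   # DISCONNECT
        del self.sessions[sid]
        return Response("OK")


class TunnelClient:
    """The request sequence a tunnel.py-style client issues for one SOCKS connection."""

    def __init__(self, send: Callable[[Dict[str, str], bytes], Response], sid: str):
        self.send = send       # in real use this is an HTTP request to the /tunnel URL
        self.sid = sid

    def _req(self, cmd: str, body: bytes = b"", **extra: str) -> Response:
        return self.send({"X-CMD": cmd, "X-SESSION": self.sid, **extra}, body)

    def connect(self, host: str, port: int) -> Response:
        return self._req("CONNECT", **{"X-TARGET": host, "X-PORT": str(port)})

    def forward(self, data: bytes) -> Response:
        return self._req("FORWARD", data)

    def read(self) -> Response:
        return self._req("READ")

    def disconnect(self) -> Response:
        return self._req("DISCONNECT")


def run_exchange() -> List[Tuple[str, str, bytes, str]]:
    """Full round trip against a fake internal service that echoes in upper case.

    socket.socketpair() replaces the TCP hop so this runs offline.
    Returns a transcript of (command, X-STATUS, body, X-ERROR) tuples.
    """
    tunnel_end, service_end = socket.socketpair()
    server = TunnelServer(dial=lambda host, port: tunnel_end)
    client = TunnelClient(server.handle, sid="s1")
    log: List[Tuple[str, str, bytes, str]] = []

    def record(cmd: str, r: Response) -> None:
        log.append((cmd, r.status, r.body, r.error))

    record("CONNECT", client.connect("10.0.0.5", 80))     # hypothetical internal host
    record("FORWARD", client.forward(b"hello internal service"))
    service_end.sendall(service_end.recv(1024).upper())   # the "internal service" answers
    record("READ", client.read())
    record("DISCONNECT", client.disconnect())
    record("READ", client.read())                          # session is gone now -> FAIL
    record("PING", server.handle({"X-CMD": "PING"}))       # unknown X-CMD -> FAIL
    service_end.close()
    return log


if __name__ == "__main__":
    for entry in run_exchange():
        print(entry)
```

The READ branch is deliberately non-blocking: a polling tunnel cannot park an HTTP request waiting for target data, so an idle READ returns an empty body and the client simply polls again. That polling loop is also why the tunnel shows up as a burst of near-identical requests to one path in server logs.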

Limitations

  • IPv6 is not supported
  • UDP relay is not supported, so UDP-based traffic (DNS lookups, nmap -sU, etc.) cannot traverse the tunnel; only TCP connections are relayed
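The protocol above is just as useful from the defending side. The following detection pass, added here as an example and not part of the project, runs over constructed request logs and flags two things: requests carrying the tunnel's own header names or X-CMD values, and any source that issues a burst of requests to one path, which is the cadence the READ polling loop produces even if a fork renames the headers. It assumes the web tier logs one JSON object per request including request headers (a reverse proxy or an application-level logger can emit this); the sample lines are constructed, not captured traffic.

```python
"""Detection pass for the X-CMD tunnel protocol over constructed request logs.

Added example, not project code. Assumes one JSON object per request with the
request headers included; SAMPLE_LOG below is constructed for the example.
"""
import json
from collections import defaultdict
from typing import Dict, List, Tuple

TUNNEL_CMDS = {"CONNECT", "READ", "FORWARD", "DISCONNECT"}   # X-CMD values from the page
TUNNEL_HEADERS = {"x-cmd", "x-target", "x-port"}             # request headers from the page

# Constructed sample: one tunnel session from 203.0.113.7 and ordinary API traffic from 198.51.100.4.
SAMPLE_LOG = """\
{"ts": 1700000000.0, "src": "203.0.113.7", "method": "POST", "path": "/tunnel", "headers": {"X-CMD": "CONNECT", "X-TARGET": "10.0.0.5", "X-PORT": "3306"}}
{"ts": 1700000000.1, "src": "203.0.113.7", "method": "POST", "path": "/tunnel", "headers": {"X-CMD": "FORWARD"}}
{"ts": 1700000000.2, "src": "203.0.113.7", "method": "POST", "path": "/tunnel", "headers": {"X-CMD": "READ"}}
{"ts": 1700000000.3, "src": "203.0.113.7", "method": "POST", "path": "/tunnel", "headers": {"X-CMD": "READ"}}
{"ts": 1700000000.4, "src": "203.0.113.7", "method": "POST", "path": "/tunnel", "headers": {"X-CMD": "READ"}}
{"ts": 1700000000.5, "src": "203.0.113.7", "method": "POST", "path": "/tunnel", "headers": {"X-CMD": "READ"}}
{"ts": 1700000000.9, "src": "198.51.100.4", "method": "GET", "path": "/api/items", "headers": {"Accept": "application/json"}}
{"ts": 1700000001.0, "src": "198.51.100.4", "method": "GET", "path": "/api/items", "headers": {"Accept": "application/json"}}
{"ts": 1700000001.4, "src": "203.0.113.7", "method": "POST", "path": "/tunnel", "headers": {"X-CMD": "DISCONNECT"}}
"""


def parse_log(text: str) -> List[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def header_hits(records: List[dict]) -> List[Dict[str, str]]:
    """Requests that carry the tunnel's header names or a known X-CMD value.

    Cheap and precise, but brittle: a fork only has to rename the headers.
    """
    hits = []
    for r in records:
        hdrs = {k.lower(): v for k, v in r.get("headers", {}).items()}
        if TUNNEL_HEADERS & hdrs.keys() or hdrs.get("x-cmd") in TUNNEL_CMDS:
            hits.append({"src": r["src"], "path": r["path"], "cmd": hdrs.get("x-cmd"),
                         "target": hdrs.get("x-target"), "port": hdrs.get("x-port")})
    return hits


def polling_sources(records: List[dict], window: float = 1.0,
                    threshold: int = 5) -> List[Tuple[str, str]]:
    """(src, path) pairs with at least `threshold` requests inside any `window` seconds.

    A READ-polling tunnel has to keep asking for target data, so this cadence
    survives header renaming; tune window/threshold to the site's normal traffic.
    """
    by_key: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    for r in records:
        by_key[(r["src"], r["path"])].append(float(r["ts"]))
    flagged = []
    for key, times in by_key.items():
        times.sort()
        left = 0
        for right, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[left] > window:
                left += 1
            if right - left + 1 >= threshold:
                flagged.append(key)
                break
    return flagged


def analyze(text: str) -> dict:
    """Run both detectors over a log text and return the findings."""
    records = parse_log(text)
    return {"header_hits": header_hits(records), "polling": polling_sources(records)}


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

In the sample, the header check lists every /tunnel request, including the CONNECT that names the internal target 10.0.0.5:3306 (a useful pivot indicator on its own), while the cadence check flags only the polling source and leaves the two /api/items requests alone.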

Disclaimer

This tool is provided for educational and authorized security testing purposes only. Unauthorized access to computer systems is illegal. Always obtain proper authorization before testing.

License

This project is for educational use only.

About

Simple memshell tunnel for JS
